Attempt to fix credential setup required issue

jade 2024-03-24 16:53:25 -07:00
parent b925d208b0
commit 08860c249a


@ -24,7 +24,8 @@ public class AllowBanCheck implements Authenticator {
// The reason that we don't use the external ID link is that people can delete those. // The reason that we don't use the external ID link is that people can delete those.
var attr = context.getUser().getFirstAttribute("githubId"); var attr = context.getUser().getFirstAttribute("githubId");
if (attr == null) { // The empty case is only if there is a mistake in a user
if (attr == null || attr.isEmpty()) {
// We don't think this should be "attempted", because this must be // We don't think this should be "attempted", because this must be
// a required authenticator, and we want to pass if we don't apply. // a required authenticator, and we want to pass if we don't apply.
context.success(); context.success();
@ -32,11 +33,13 @@ public class AllowBanCheck implements Authenticator {
} }
if (allowBansDB.isUserBannedById(attr)) { if (allowBansDB.isUserBannedById(attr)) {
LOG.error("User {} is banned", context.getUser().getUsername());
context.getEvent().error("User is banned"); context.getEvent().error("User is banned");
var challenge = context.form().setError("User is banned!").createErrorPage(Response.Status.UNAUTHORIZED); var challenge = context.form().setError("User is banned!").createErrorPage(Response.Status.UNAUTHORIZED);
context.failure(AuthenticationFlowError.ACCESS_DENIED, challenge); context.failure(AuthenticationFlowError.ACCESS_DENIED, challenge);
return; return;
} else if (allowBansDB.isUsingAllowList() && !allowBansDB.isUserExplicitlyAllowedById(attr)) { } else if (allowBansDB.isUsingAllowList() && !allowBansDB.isUserExplicitlyAllowedById(attr)) {
LOG.error("User {} is not allow-listed", context.getUser().getUsername());
context.getEvent().error("User is not allow-listed"); context.getEvent().error("User is not allow-listed");
var challenge = context.form().setError("User is not allow-listed!").createErrorPage(Response.Status.UNAUTHORIZED); var challenge = context.form().setError("User is not allow-listed!").createErrorPage(Response.Status.UNAUTHORIZED);
context.failure(AuthenticationFlowError.ACCESS_DENIED, challenge); context.failure(AuthenticationFlowError.ACCESS_DENIED, challenge);
@ -58,9 +61,8 @@ public class AllowBanCheck implements Authenticator {
@Override @Override
public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) { public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
var attr = userModel.getFirstAttribute("githubId"); // "Credential setup required" error if false is returned here.
return true;
return attr != null;
} }
@Override @Override
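Review bot: With `configuredFor` now returning `true` unconditionally, a user whose `githubId` attribute is missing or empty reaches `authenticate` and is passed by `context.success()` in the first hunk, so the check fails open even when `allowBansDB.isUsingAllowList()` is true. Before this change such users appear to have been stopped by the "Credential setup required" error, so the commit widens who gets through; if the attribute can be cleared by the user, or is absent for accounts created outside the GitHub flow, both the ban list and the allow-list are skipped for them. Consider denying in that branch when the allow-list is on, e.g. `if (allowBansDB.isUsingAllowList()) { context.failure(AuthenticationFlowError.ACCESS_DENIED); return; }` before `context.success();`, and logging the skip so it shows up in audit. The new `LOG.error` lines record only the username; including the `githubId` value would let a denial be traced back to the list entry that caused it. Both methods start and end outside the hunks shown.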